Exploit the possiblities
Showing 1 - 25 of 91 RSS Feed

Files

Microsoft Excel Remote Code Execution
Posted Oct 1, 2017
Authored by Eduardo Braun Prado

Microsoft Excel contains a remote code execution vulnerability upon processing OLE objects. Versions 2007, 2010, 2013, and 2016 are affected on both architectures.

tags | exploit, remote, code execution
advisories | CVE-2017-0199
MD5 | a89385c666364082a80a0ea4883429aa

Related Files

Debian Security Advisory 3976-1
Posted Sep 18, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3976-1 - Marcin 'Icewall' Noga of Cisco Talos discovered two vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.

tags | advisory, denial of service, arbitrary, vulnerability
systems | cisco, linux, debian
advisories | CVE-2017-2923, CVE-2017-2924
MD5 | 8b3157a35081512438053a2d850fe273
Microsoft Excel Starter 2010 XXE Injection
Posted Dec 4, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Excel Starter 2010 suffers from an XML eXternal Entity vulnerability that allows for remote file disclosure.

tags | exploit, remote
MD5 | 20178a697a7d8e0bdfa592af023e1815
Microsoft Excel 2010 Denial Of Service
Posted May 15, 2016
Authored by HauntIT

Microsoft Excel 2010 suffers from a read access error that can allow for denial of service attacks.

tags | exploit, denial of service
MD5 | ef52855ddb5cc49e69389a6a93ecabf3
Debian Security Advisory 3208-2
Posted Nov 16, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3208-2 - The update for freexl issued as DSA-3208-1 introduced a regression when handling certain Microsoft Excel spreadsheets files. Updated packages are now available to address this regression.

tags | advisory
systems | linux, debian
MD5 | 5316b88014d13a46561e2f8aa87e65ff
Microsoft Office Excel 2007, 2010, 2013 Use-After-Free With BIFFRecord
Posted Sep 18, 2015
Authored by Google Security Research, scvitti

Microsoft Excel 2007 running on Windows 2003 suffers from a use-after-free vulnerability.

tags | exploit
systems | linux, windows
advisories | CVE-2015-2523
MD5 | 120d58ef0a347673009fceed3230c4ee
Debian Security Advisory 3310-1
Posted Jul 20, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3310-1 - It was discovered that an integer overflow in freexl, a library to parse Microsoft Excel spreadsheets may result in denial of service if a malformed Excel file is opened.

tags | advisory, denial of service, overflow
systems | linux, debian
MD5 | a9da7da157f9dfe082cbb4b6434c7273
Debian Security Advisory 3208-1
Posted Mar 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3208-1 - Jodie Cunningham discovered multiple vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2015-2753, CVE-2015-2754, CVE-2015-2776
MD5 | 6a6d588aa9935f2230e64a99cafd9413
Zero Day Initiative Advisory 12-184
Posted Nov 16, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-184 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Excel's parsing of Feature11/Feature12 records. The process trusts a supplied counter value without validating its size and proceeds to use it within a copy operation to the stack. An attacker can abuse this to execute arbitrary code under the context of the user running Excel.

tags | advisory, remote, arbitrary
advisories | CVE-2012-2543
MD5 | 3b618ece5527b0d828553b3346da2ccb
Microsoft Excel Use-After-Free
Posted Nov 4, 2011
Authored by Luigi Auriemma | Site aluigi.org

Microsoft Excel in Office 2003 version 11.8335.8333 SP3 suffers from a use-after-free vulnerability. Proof of concept included.

tags | exploit, proof of concept
systems | linux
MD5 | 35ca724b38b09ef1568ae8926ff8f8be
Microsoft Excel Memory Corruption
Posted Nov 4, 2011
Authored by Luigi Auriemma | Site aluigi.org

Microsoft Excel in Office 2003 version 11.8335.8333 SP3 suffers from a memory corruption vulnerability. Proof of concept included.

tags | exploit, proof of concept
systems | linux
MD5 | bcd24f3d13d17f8303727a753c895d2b
Microsoft Excel 2007 SP2 Buffer Overwrite
Posted Nov 2, 2011
Authored by Abysssec | Site abysssec.com

A remote code execution vulnerability exists in the way that Microsoft Excel 2007 SP2 handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. This is the same vulnerability that is referenced in MS11-021. Proof of concept exploit code included.

tags | exploit, remote, code execution, proof of concept
systems | linux
MD5 | cc208cfc08dd7208a5b7d9ac3134291a
Excel SLYK Format Parsing Buffer Overflow
Posted Aug 9, 2011
Authored by webDEViL

Excel SLYK format parsing buffer overrun proof of concept denial of service exploit.

tags | exploit, denial of service, overflow, proof of concept
advisories | CVE-2011-1276
MD5 | 14cb1acfc048a39f4909e7ad24b8dc08
Zero Day Initiative Advisory 11-121
Posted Apr 12, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-121 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's parsing of a particular record within a Microsoft Excel Compound Document. When specifying a particular value, the application will fail to initialize a variable that is used as the length of a memcpy operation. Due to the usage of the uninitialized value, with proper control of the program flow an attacker can force a length of their own choosing for the memcpy operation. This will cause a buffer overflow and can lead to code execution under the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-0105
MD5 | 0eb1bba67f42bd873f5b408f1e1449d4
Zero Day Initiative Advisory 11-043
Posted Feb 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-043 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Excel 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for the office drawing file format. When parsing shape data within a particular container, the application will add a reference to an object to a linked list. If an error occurs during parsing, the application will free each element yet fail to remove the reference. Afterward, the application will use this reference. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
MD5 | 1ab9996f8d997453622048327339b907
Zero Day Initiative Advisory 11-041
Posted Feb 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-041 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the application parses an Office Art record within a Microsoft Excel Document. Specifically, when parsing an office art object record, if an error occurs, the application will add a stray reference to an element which is part of a linked list. When receiving a window message, the application will proceed to navigate this linked list. This will access a method from the malformed object which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
MD5 | ae3f1bb8c75bf42e8568c51e75e1c801
Microsoft Excel Spreadsheets Expose User PIN For Secure Printing
Posted Jan 31, 2011
Site insecureprinting.com

Whitepaper called Microsoft Excel Spreadsheets Expose User PIN Used For Confidential/Secure Printing.

tags | paper
MD5 | ca0d042264c6e12ce1fc436fd77cb3f1
ACROS Security Problem Report 2010-11-10.3
Posted Nov 11, 2010
Authored by ACROS Security, Simon Raner | Site acrossecurity.com

ACROS Security Problem Report #2010-11-10-03 - A binary planting vulnerability in Microsoft Excel 2010 for Windows allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.

tags | advisory, remote, local
systems | windows
advisories | CVE-2010-3337
MD5 | ae0fa2362c6d74f756165de7a5ed2966
Microsoft Excel Ghost Record Type Parsing Vulnerability
Posted Oct 14, 2010

Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by missing input validation in a conversion routine when parsing a certain record type. This can be exploited to corrupt memory outside the bounds of an allocated heap buffer via an overly large range specified by two record fields. Successful exploitation may allow execution of arbitrary code.

tags | advisory, arbitrary
MD5 | 7c02cd4fa70f8af7701c1c2cf394c33f
Microsoft Excel Extra Out of Boundary Record Vulnerability
Posted Oct 14, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error when processing Extra Out of Boundary records having an insufficient size and can be exploited to corrupt memory at an arbitrary memory address. Successful exploitation may allow execution of arbitrary code. Microsoft Excel version 2002 SP3 is affected.

tags | advisory, arbitrary
advisories | CVE-2010-3239
MD5 | 2da43e25c75ddff91a927e297fdac685
Microsoft Excel Record Parsing Integer Overflow Vulnerability
Posted Oct 14, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a sign-extension error and integer overflow when processing a certain record type and can be exploited to cause a heap-based buffer overflow via a specially crafted Excel file. Successful exploitation may allow execution of arbitrary code. Microsoft Excel version 2002 SP3 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-3230
MD5 | e197967c4d222b700feae80f3ca27670
Microsoft Excel Lotus 1-2-3 File Parsing Vulnerability
Posted Oct 14, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the parsing of certain records in Lotus 1-2-3 workbooks. This can be exploited to cause a heap-based buffer overflow via a Lotus 1-2-3 file containing a specially crafted, overly long record. Successful exploitation may allow execution of arbitrary code. Microsoft Excel versions 2002 SP3 and 2003 SP3 are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-3233
MD5 | 3de9bf69ffb1f11da1d01b274da2d23f
Month Of Abysssec Undisclosed Bugs - Microsft Excel
Posted Sep 29, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a SxView record parsing heap memory corruption vulnerability.

tags | exploit
advisories | CVE-2010-1245
MD5 | c3f32248b631cd7cc20497552726364e
Month Of Abysssec Undisclosed Bugs - Microsoft Excel OBJ
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers an OBJ record stack overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2010-0822
MD5 | 7aecb197a63707f059d200f83fbaf47f
Month Of Abysssec Undisclosed Bugs - Microsoft Excel OBJ
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers an OBJ record stack overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2010-0822
MD5 | 5b13bdb12456a56de6f462798fbd4e05
Month Of Abysssec Undisclosed Bugs - Microsoft Excel HFPicture Record Parsing
Posted Sep 24, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a HFPicture record parsing memory corruption vulnerability. Proof of concept included.

tags | exploit, proof of concept
MD5 | 67fd424e7f07751c4342483ca17f638e
Page 1 of 4
Back1234Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    11 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close